Not currently an IIBA Toronto Member. $25 if pre-registered. $35 at the door. Online registration closes at 3 PM on the day of the event.

Assessing and Managing Security Risk in IT Systems

A Structured Methodology
John Wang

“An increasing number of software organizations recognize that developing security requirements is more important than designing protections because paying attention to security requirements in the early stages of the software lifecycle potentially saves millions of dollars.”

~Qian Gao

Building Security Requirements

Security is not about features.

It is typically difficult (or impossible) to patch bad software, and nearly always costly to do so. Early consideration of security makes it part of the standard SDLC, and places it on a par with functional requirements. You can’t test what you don’t specify.

"75% of all attacks today occur at the application layer and bypass traditional firewalls."
~Gartner

Interest in North Korean hacking comes and goes, but this week experts cautioned that the US shouldn't underestimate or ignore this persistent and growing threat. The FBI and DHS even officially attributed the destructive WannaCry ransomware to the reclusive nation.

At least the Department of Defense is still on the cutting edge. Its Strategic Capabilities Office is working on developing ways to weaponize video games. And special prosecutor Robert Mueller has put together an all-star investigatory team.

Plus the CIA could be lurking on basically every router out there, according to documents released by WikiLeaks. So here's a list of everyone President Donald Trump has blocked on Twitter to take your mind off things.

And there's more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.

In May, Microsoft released patches for the virulent WannaCry ransomware for Windows XP even though that operating system is no longer officially supported. This week, the company followed up with a dozen additional patches that cover no-longer-supported versions including Windows XP, Windows Vista, Windows 8, Windows Server 2003, and Windows Server 2003 R2. Microsoft said that though it is not reinstating support for these aging OSes, it does want to take "action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures." While working to anticipate and preempt the next WannaCry-type incident is important, some experts worry that making too much of a habit of patching old systems will give stragglers an excuse to hold out on these dangerously insecure platforms even longer instead of being forced to upgrade. On the other hand, security pressure hasn't really created that urgency so far.